ipsec policy (interface view)

Syntax

ipsec policy policy-name

undo ipsec policy [ policy-name ]

View

Interface view

Default level

2: System level

Parameters

policy-name: Name of the existing IPsec policy group to be applied to the interface, a string of 1 to 15 characters.

Description

Use the ipsec policy command to apply an IPsec policy group to an interface.

Use the undo ipsec policy command to remove the application.

IPsec policies can be applied only to VLAN interfaces on the switch.

Only one IPsec policy group can be applied to an interface. To apply another IPsec policy group to the interface, remove the original application first. An IPsec policy can be applied to only one interface.

With an IPsec policy group applied to an interface, the system uses each IPsec policy in the group to protect certain data flows.

For each packet to be sent out an IPsec-protected interface, the system checks the IPsec policies of the IPsec policy group in ascending order of sequence numbers. If it finds an IPsec policy whose ACL matches the packet, it uses that IPsec policy to protect the packet. If no IPsec policy's ACL matches the packet, the system does not provide IPsec protection for the packet and sends the packet out directly.
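The lookup described above can be modeled offline to list which flows would leave the interface without IPsec protection. This is an added example, not code from the switch or its vendor; the class and function names are hypothetical, the policy group and flows are constructed, and ACLs are simplified to source/destination prefix permit rules.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class AclRule:
    src: str  # source prefix (assumption: ACL reduced to permit rules on prefixes)
    dst: str  # destination prefix

    def matches(self, src_ip, dst_ip):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst))

@dataclass(frozen=True)
class IpsecPolicy:
    seq: int    # sequence number of the policy inside the policy group
    acl: tuple  # AclRule entries of the ACL the policy references

def select_policy(group, src_ip, dst_ip):
    """Return the sequence number of the policy that protects the packet,
    or None when no ACL matches and the packet is sent out directly."""
    for policy in sorted(group, key=lambda p: p.seq):  # ascending sequence order
        if any(rule.matches(src_ip, dst_ip) for rule in policy.acl):
            return policy.seq                           # first match wins
    return None

def unprotected_flows(group, flows):
    """Flows that match no policy in the group and so get no IPsec protection."""
    return [flow for flow in flows if select_policy(group, *flow) is None]

# Constructed policy group: listed out of order on purpose.
PG1 = [
    IpsecPolicy(20, (AclRule("10.1.0.0/16", "10.2.0.0/16"),)),
    IpsecPolicy(10, (AclRule("10.1.1.0/24", "10.2.1.0/24"),)),
]
# Constructed flows (source, destination).
FLOWS = [
    ("10.1.1.5", "10.2.1.9"),    # matches policies 10 and 20; 10 is checked first
    ("10.1.7.5", "10.2.3.9"),    # matches policy 20 only
    ("10.1.1.5", "192.0.2.10"),  # matches nothing; sent without IPsec
]

if __name__ == "__main__":
    for src, dst in FLOWS:
        seq = select_policy(PG1, src, dst)
        state = f"protected by policy {seq}" if seq is not None else "sent without IPsec"
        print(f"{src} -> {dst}: {state}")
    print("unprotected:", unprotected_flows(PG1, FLOWS))
```

Running a list of flows that must be protected through `unprotected_flows` shows any that fall through every ACL in the group and would be sent in the clear.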

Related commands: ipsec policy (system view).

Examples

# Apply IPsec policy group pg1 to interface VLAN-interface 1.

<Sysname> system-view
[Sysname] interface vlan-interface 1
[Sysname-Vlan-interface1] ipsec policy pg1